Connect with us

Hi, what are you looking for?



CIA Unit That Crafts Hacking Tools Didn’t Protect Itself

A specialized CIA unit that developed hacking tools and cyber weapons didn’t do enough to protect its own operations and wasn’t prepared to respond when its secrets were exposed, according to an internal report prepared after the worst data loss in the intelligence agency’s history.

A specialized CIA unit that developed hacking tools and cyber weapons didn’t do enough to protect its own operations and wasn’t prepared to respond when its secrets were exposed, according to an internal report prepared after the worst data loss in the intelligence agency’s history.

“These shortcomings were emblematic of a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security,” according to the report, which raises questions about cybersecurity practices inside U.S. intelligence agencies.

Sen. Ron Wyden, D-Ore., a senior member of the Senate Intelligence Committee, obtained the redacted report from the Justice Department after it was introduced as evidence in a court case this year involving stolen CIA hacking tools.

He released it on Tuesday along with a letter he wrote to new National Intelligence Director John Ratcliffe, asking him to explain what steps he’s taking to protect the nation’s secrets held by federal intelligence agencies.

The findings were first published by The Washington Post.

The 2017 report was produced one year after the theft of sensitive tools for hacking into adversaries’ networks that were developed by the CIA’s specialized Center for Cyber Intelligence. A former CIA employee was accused of stealing the information and providing it to WikiLeaks, but a jury deadlocked on those allegations.

The CIA report revealed lax cybersecurity measures by the specialized unit and the niche information technology systems that it relies upon, which is separate from the systems more broadly used by everyday agency employees. The security was so poor, according to the report, that if these hacking tools had “been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss.”

Advertisement. Scroll to continue reading.

CIA spokesman Tim Barrett would not comment on the report, but said the “CIA works to incorporate best-in-class technologies to keep ahead of and defend against ever-evolving threats.”

The leak occurred almost three years after Edward Snowden, a former contractor for the National Security Agency, confiscated classified information about the NSA’s surveillance operations, and publicly disclosed it.

“CIA has moved too slowly to put in place the safeguards that we knew were necessary given successive breaches to other U.S. Government agencies,” according to the report prepared in October 2017 by the CIA’s WikiLeaks Task Force.

The report said sensitive cyber weapons were not compartmented, users shared systems and administrator-level passwords, there were no effective controls for thumb drives and users had indefinite access to historical data.

The disclosure of the hacking tools featured prominently in the trial this year of Joshua Schulte, a former CIA software engineer accused of stealing a large trove of the agency’s hacking tools and handing it to WikiLeaks. He was convicted in March of only minor charges after a jury deadlocked on more serious espionage counts against him, including the theft of the hacking tools.

Prosecutors argued during the trial that the data dump had serious consequences, revealing CIA efforts to hack Apple and Android smartphones and efforts to turn internet-connected televisions into listening devices.

“These leaks were devastating to national security,” Assistant U.S. Attorney Matthew Laroche told jurors. “The CIA’s cyber tools were gone in an instant. Intelligence gathering operations around the world stopped immediately.”

Prosecutors portrayed Schulte as a disgruntled software engineer who exploited a little-known back door in a CIA network to copy the hacking arsenal without raising suspicion.

It was only after the anti-secrecy group WikiLeaks published the so-called Vault 7 leak in 2017 — nearly a year after the theft — that the agency scrambled to determine how the information had been stolen. It identified Schulte, 31, originally from Lubbock, Texas, as the prime suspect. Schulte had left the agency after a falling-out with colleagues and supervisors.

Prosecutors described the leak as an act of revenge. Defense attorney Sabrina Shroff argued that investigators could not be sure who took the data because the CIA network in question “was the farthest thing from being secure” and could be accessed by hundreds of people.

Related: WikiLeaks CIA Files Linked to Espionage Group

Related: CIA Hackers Targeted China in Decade-Long Campaign: Chinese Security Firm

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...